What Ontario checks (and publishes as evidence).
Ontario is a pre-payment verification layer for x402-paid services. It performs a point-in-time scan of an endpoint and its required discovery surfaces, then publishes a public report (with integrity metadata) that agents and humans can cite before spending money.
These checks produce readiness evidence, not a safety guarantee. Always combine Ontario signals with your own spend limits, allow/deny policy, sandboxing, and review. See what Ontario does not check.
Core readiness signals
The readiness score is built from observable signals. For grade ready, Ontario requires:
httpsendpoint_reachablepayment_challengex402_manifest_presentx402_manifest_well_formedopenapi_schema
HTTPS + reachability
Confirms the service origin and submitted endpoint are reachable over HTTPS and respond intentionally.
HTTP 402 payment challenge behavior
Checks that a paid endpoint returns a real 402 flow (not a generic error) and exposes usable payment requirements.
/.well-known/x402.json manifest
Validates the manifest exists, parses, and contains structured service metadata that matches the paid endpoint.
/.well-known/openapi.json schema
Checks that an OpenAPI document is present and machine-readable so clients can integrate without guessing.
Protocol consistency checks (warnings)
Ontario also flags common integration hazards that break agent payment retries or wallet signing. These are reported as warnings and can reduce score.
- Network mismatch: manifest networks disagree with payment requirements.
- Missing
accepts: 402 response lacks structured payment requirements entries. - Stale manifest timestamps: last-updated metadata looks old or missing.
- Unparseable prices: price fields are not machine-parseable or inconsistent.
- Facilitator metadata gaps: payment requirements omit fields clients need to settle deterministically.
Evidence outputs Ontario publishes
Saved reports
Every saved report gets a stable report_id with evidence excerpts and recommendations.
Signed reports
Reports include integrity data so clients can validate the report was produced by Ontario.
Point-in-time verification
Ontario grades reflect what was observed at scan time; agents should prefer recent reports and re-verify as needed.
Trust Standard
Thresholds, required signals, evidence URLs, and certification rules are published in /.well-known/x402-trust.json.
How to reproduce the check
Ontario verification is designed to be easy to re-run. Use the UI or call the readiness API directly.
curl -X POST https://ontarioprotocol.com/api/verify/x402-readiness \
-H "Content-Type: application/json" \
-d '{"target_url":"https://example.com/api/paid-endpoint"}'
# Then open the report URL returned by the API:
# https://ontarioprotocol.com/verify/report/<report_id>